This forum is now a read-only archive. All commenting, posting, registration services have been turned off. Those needing community support and/or wanting to ask questions should refer to the Tag/Forum map, and to http://spring.io/questions for a curated list of stackoverflow tags that Pivotal engineers, and the community, monitor.

As you can see, the module can even create new roles which may have the permissions that you want to assign.

My problem is this:

1. I start my application, it show me the login page. OK.
2. In my login page, I write a URL in address toolbar of my browser. OK.
3. If this request is served with a GET method in my @Controller, the application dont asked me user and password. Just putting the url from your browser toolbar. Skip the login! ERROR.

If you want a given url to require that the user be authenticated - you need to say so. Or a better practice would be to deny access to everything and then explicitly allow acces to unauthenticated users where appropriate.

Comment

Your version of spring is different then mine. My comment is based off 3.1. Consult the docs for the version you're using. At a high level, you just need to tell spring security that it needs to require that the user be authenticated before they access a page.